Technical Details:
showModalDialog to keep script running, HTTP redirecting to target domain.
Then script will run in target domain.

Code:
This is the file that I sent to Microsoft:
http://dieyu.org/insider2.zip
SHA1: f50b5aebdc7cd0a62f1ed97d776fe4b7fa47260e
MD5: bfdaa2a329ea639a363a4ba8c294f706

Best Wishes,

PS

Background:
This is exactly the XSS vulnerability that made IE fall in 2004:
"US Government warns against Internet Explorer"
http://www.theinquirer.net/inquirer/news/1037530/us-government-warns-int
ernet-explorer
"Vulnerability Note VU#713878", "HTTP Redirection", "showModalDialog"
http://www.kb.cert.org/vuls/id/713878
Microsoft had not fixed it properly for a decade.
I am the original author of this vulnerability.
I made IE market share fall in 2004, and changed the web permanently.
Back then, there was no "Local Machine Zone Lockdown", and XSS could get remote code execution.

This is the ultimate wisdom:
http://dieyu.org/inithorn.zip
SHA1: 0f8252760f9b43a48840fc3e6f5a2c3c6a9846ec
MD5: 1eccee83f4f9eeab95415f1bfd8ce5bd
You will learn the ultimate wisdom from 6 sources - east and west.
It should cost 10 minutes(max). View inithorn.txt first.

Got this name "Dieyu" from sky when I was born:
There was an extremely huge butterfly("die"), and extremely heavy rain("yu").